Open Source and information security mailing list archives
 
Date:	Sat, 13 Nov 2010 14:06:00 +0100
From:	"Gilles Espinasse" <g.esp@...e.fr>
To:	"Ingo Molnar" <mingo@...e.hu>, "Willy Tarreau" <w@....eu>
Cc:	"Marcus Meissner" <meissner@...e.de>, <security@...nel.org>,
	<mort@....com>, "Peter Zijlstra" <a.p.zijlstra@...llo.nl>,
	<fweisbec@...il.com>, "H. Peter Anvin" <hpa@...or.com>,
	<linux-kernel@...r.kernel.org>, <jason.wessel@...driver.com>,
	<tj@...nel.org>, <Andrew@...bra8-e1.priv.proxad.net>,
	<"Morton <"@zimbra8-e1.priv.proxad.net>
Subject: Re: [Security] [PATCH] kernel: make /proc/kallsyms mode 400 to reduce ease of attacking


----- Original Message ----- 
From: "Ingo Molnar" <mingo@...e.hu>
To: "Willy Tarreau" <w@....eu>
Cc: "Marcus Meissner" <meissner@...e.de>; <security@...nel.org>;
<mort@....com>; "Peter Zijlstra" <a.p.zijlstra@...llo.nl>;
<fweisbec@...il.com>; "H. Peter Anvin" <hpa@...or.com>;
<linux-kernel@...r.kernel.org>; <jason.wessel@...driver.com>;
<tj@...nel.org>; <Andrew@...bra8-e1.priv.proxad.net>; <"Morton
<"@zimbra8-e1.priv.proxad.net>
Sent: Sunday, November 07, 2010 10:08 AM
Subject: Re: [Security] [PATCH] kernel: make /proc/kallsyms mode 400 to reduce ease of attacking


>
> * Ingo Molnar <mingo@...e.hu> wrote:
>
> > If your claim that 'kernel version is needed at many places' is true then why am i
> > seeing this on a pretty general distro box bootup:
> >
> >  [root@...ebaran ~]# uname -a
> >  Linux aldebaran 2.6.99-tip-01574-g6ba54c9-dirty #1 SMP Sun Nov 7 10:24:38 CET 2010 x86_64 x86_64 x86_64 GNU/Linux
> >
> > ?
> >
> > Yes, some user-space might be unhappy if we set the version _back_ to say 2.4.0,
> > but we could (as the patch below) fuzz up the version information from
> > unprivileged attackers easily.
>
> Btw., with an 'exploit honeypot' and 'version fuzzing' the uname output would look
> like this to an unprivileged user:
>
>   $ uname -a
>   Linux aldebaran 2.6.99 x86_64 x86_64 x86_64 GNU/Linux
>
> [ we wouldn't want to include the date or the SHA1 of the kernel, obviously. ]
>
> And it would look like this to root:
>
>   # uname -a
>   Linux aldebaran 2.6.37-tip-01574-g6ba54c9-dirty #1 SMP Sun Nov 7 10:24:38 CET 2010 x86_64 x86_64 x86_64 GNU/Linux
>
> Ingo

A bit of a late comment:

gesp@...8x-e:~$ strings /lib/modules/*/kernel/drivers/scsi/in2000.ko | grep 2010
Sep 16 2010
gesp@...8x-e:~$ strings /lib/modules/*/kernel/drivers/char/nozomi.ko | grep 2010
Nozomi driver 2.1d (build date: Sep 16 2010 19:01:27)
gesp@...8x-e:~$ uname -a
Linux a7n8x-e 2.6.26-2-686 #1 SMP Thu Sep 16 19:35:51 UTC 2010 i686 GNU/Linux

Should removing __DATE__ and __TIME__ from module code not be considered first?
That would also have the good effect that everyone who compiles the same code
with the same compiler gets exactly the same file.

Gilles
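
The strings/grep check in the message above, generalised into an audit of a whole module tree for embedded __DATE__/__TIME__ text. This is an added example, not code from the thread or from the kernel; the function names, the 16-byte search window and the sample bytes are assumptions made for illustration.

```python
import re
import sys
from pathlib import Path

# __DATE__ expands to "Mmm dd yyyy" (day space-padded, e.g. "Nov  7 2010"),
# __TIME__ to "hh:mm:ss"; both end up as plain ASCII in the object file.
DATE_RE = re.compile(
    rb"(?:Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec) [ 1-3][0-9] [12][0-9]{3}")
TIME_RE = re.compile(rb"[0-2][0-9]:[0-5][0-9]:[0-5][0-9]")

def find_build_stamps(blob):
    """Return (offset, text) for every __DATE__-style string in blob.

    A __TIME__-style string found within 16 bytes after the date is
    appended, which covers both "date time" in one string and the two
    macros stored as adjacent NUL-terminated strings.
    """
    hits = []
    for m in DATE_RE.finditer(blob):
        text = m.group().decode("ascii")
        t = TIME_RE.search(blob, m.end(), m.end() + 16)
        if t:
            text += " " + t.group().decode("ascii")
        hits.append((m.start(), text))
    return hits

def scan_tree(root):
    """Map each uncompressed *.ko under root to its build stamps."""
    report = {}
    for path in sorted(Path(root).rglob("*.ko")):
        hits = find_build_stamps(path.read_bytes())
        if hits:
            report[str(path)] = hits
    return report

# Constructed sample bytes modelled on the strings quoted in the message.
SAMPLE_NOZOMI = b"\x7fELF\x01\x00Nozomi driver 2.1d (build date: Sep 16 2010 19:01:27)\x00"
SAMPLE_IN2000 = b"\x00in2000\x00Sep 16 2010\x0019:01:27\x00"
SAMPLE_CLEAN = b"\x7fELF\x01\x00vermagic=2.6.26-2-686 SMP mod_unload\x00"

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "/lib/modules"
    for module, hits in scan_tree(root).items():
        for offset, text in hits:
            print(f"{module}: offset {offset:#x}: {text}")
```

An empty report for a tree means no date-stamped strings were found in uncompressed modules; compressed modules have to be decompressed before scanning.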
